/// <summary>
/// A simple function that takes a string and does a ToUpper
/// </summary>
/// <param name="input"></param>
/// <param name="context"></param>
/// <returns></returns>
public void FunctionHandler(ILambdaContext context)
{
Amazon.EC2.AmazonEC2Client ec2 = new Amazon.EC2.AmazonEC2Client();
var securityGroups = ec2.DescribeSecurityGroupsAsync().Result.SecurityGroups;
foreach (var securityGroup in securityGroups)
{
var dict = securityGroup.IpPermissions.ToList();
foreach (var rule in dict)
{
if (rule.Ipv4Ranges != null)
{
foreach (var ipv4rule in rule.Ipv4Ranges)
{
var extensions = ipv4rule.Description.Split('|')
.Select(x => x.Split('='))
.ToDictionary(x => x[0], x => x[1]);
foreach (var extension in extensions)
{
if (extension.Key == "fqdn")
{
ipv4rule.CidrIp = Dns.GetHostEntry(extension.Value).AddressList.FirstOrDefault().ToString() + "/32";
}
}
ec2.AuthorizeSecurityGroupIngressAsync(new Amazon.EC2.Model.AuthorizeSecurityGroupIngressRequest {
GroupId = securityGroup.GroupId, IpPermissions = dict
});
}
}
}
}
}
public AWSClass(string region, string AccessKey, string Secret)
{
RegionEndpoint EndPoint = RegionEndpoint.GetBySystemName(region);
Amazon.Runtime.BasicAWSCredentials Credentials = new Amazon.Runtime.BasicAWSCredentials(AccessKey, Secret);
_client = new AmazonEC2Client(Credentials, EndPoint);
}
public override void Execute()
{
Amazon.EC2.AmazonEC2Client client = new Amazon.EC2.AmazonEC2Client(AWSAuthConnection.OUR_ACCESS_KEY_ID, AWSAuthConnection.OUR_SECRET_ACCESS_KEY);
Amazon.EC2.Model.CreateSnapshotRequest request = new Amazon.EC2.Model.CreateSnapshotRequest();
request.VolumeId = volumeId;
Amazon.EC2.Model.CreateSnapshotResponse response = client.CreateSnapshot(request);
string snapshotId = response.CreateSnapshotResult.Snapshot.SnapshotId;
Console.WriteLine("Started snapshot of volume {0} with snapshot ID {1}", volumeId, snapshotId);
}
public override void Execute()
{
Amazon.EC2.AmazonEC2Client client = new Amazon.EC2.AmazonEC2Client(AWSAuthConnection.OUR_ACCESS_KEY_ID, AWSAuthConnection.OUR_SECRET_ACCESS_KEY);
Amazon.EC2.Model.CreateSnapshotRequest request = new Amazon.EC2.Model.CreateSnapshotRequest();
request.VolumeId = volumeId;
Amazon.EC2.Model.CreateSnapshotResponse response = client.CreateSnapshot(request);
string snapshotId = response.CreateSnapshotResult.Snapshot.SnapshotId;
Console.WriteLine("Started snapshot of volume {0} with snapshot ID {1}", volumeId, snapshotId);
}
// Deletes a VPC
private void DeleteVPC(VPC vpc)
{
using (var ec2 = new Amazon.EC2.AmazonEC2Client())
{
ec2.DeleteVpc(new Amazon.EC2.Model.DeleteVpcRequest
{
VpcId = vpc.VPCId
});
}
}
public List <Instance> GetInstanceList()
{
var instanceList = new List <Instance>();
var clientEC2 = new Amazon.EC2.AmazonEC2Client();
var describeInstancesResponse = clientEC2.DescribeInstances();
foreach (var reservation in describeInstancesResponse.Reservations)
{
instanceList.AddRange(reservation.Instances);
}
return(instanceList);
}
public void TestSessionCredentials()
{
using (var sts = new Amazon.SecurityToken.AmazonSecurityTokenServiceClient())
{
AWSCredentials credentials = sts.GetSessionToken().Credentials;
var originalEC2Signature = AWSConfigs.EC2Config.UseSignatureVersion4;
var originalS3Signature = AWSConfigs.S3Config.UseSignatureVersion4;
AWSConfigs.EC2Config.UseSignatureVersion4 = true;
AWSConfigs.S3Config.UseSignatureVersion4 = true;
try
{
using (var ec2 = new Amazon.EC2.AmazonEC2Client(credentials))
{
var regions = ec2.DescribeRegions().Regions;
Console.WriteLine(regions.Count);
}
using (var s3 = new Amazon.S3.AmazonS3Client(credentials))
{
var buckets = s3.ListBuckets().Buckets;
Console.WriteLine(buckets.Count);
}
using (var swf = new Amazon.SimpleWorkflow.AmazonSimpleWorkflowClient(credentials))
{
var domains = swf.ListDomains(new Amazon.SimpleWorkflow.Model.ListDomainsRequest {
RegistrationStatus = "REGISTERED"
}).DomainInfos;
Console.WriteLine(domains.Infos.Count);
}
using (var swf = new Amazon.SimpleWorkflow.AmazonSimpleWorkflowClient(credentials, new Amazon.SimpleWorkflow.AmazonSimpleWorkflowConfig {
SignatureVersion = "4"
}))
{
var domains = swf.ListDomains(new Amazon.SimpleWorkflow.Model.ListDomainsRequest {
RegistrationStatus = "REGISTERED"
}).DomainInfos;
Console.WriteLine(domains.Infos.Count);
}
}
finally
{
AWSConfigs.EC2Config.UseSignatureVersion4 = originalEC2Signature;
AWSConfigs.S3Config.UseSignatureVersion4 = originalS3Signature;
}
}
}
public async override Task DoAction(string RoleARN)
{
await base.DoAction(RoleARN);
var logger = LogManager.GetCurrentClassLogger();
Parallel.ForEach(SharedLibrary.Utilities.GetRegions(), (region) =>
{
logger.Debug($"Checking EC2 instances in region {region.DisplayName }");
var creds = SharedLibrary.Utilities.AssumeRole(RoleARN, region);
var sessionCreds = new SessionAWSCredentials(creds.AccessKeyId, creds.SecretAccessKey, creds.SessionToken);
Amazon.EC2.AmazonEC2Client client = new Amazon.EC2.AmazonEC2Client(sessionCreds, region);
string nextToken = null;
do
{
var describeInstancesResult = client.DescribeInstancesAsync(new DescribeInstancesRequest {
Filters = new List <Filter> {
new Filter("instance-state-name", new List <string> {
"running", "pending", "stopped", "stopping"
})
}, NextToken = nextToken
}).Result;
nextToken = describeInstancesResult.NextToken;
var instances = describeInstancesResult.Reservations.SelectMany(r => r.Instances).ToList();
if (instances.Count > 0)
{
logger.Debug($"Terminating {instances.Count} EC2 instance(s).");
var terminateResult = client.TerminateInstancesAsync(new Amazon.EC2.Model.TerminateInstancesRequest {
InstanceIds = instances.Select(a => a.InstanceId).ToList()
}).Result;
if (terminateResult.HttpStatusCode == System.Net.HttpStatusCode.OK)
{
logger.Debug($"Successfully terminated {terminateResult.TerminatingInstances.Count} EC2 instance(s).");
}
}
} while (nextToken != null);
});
}
public void TestSessionCredentials()
{
using (var sts = new Amazon.SecurityToken.AmazonSecurityTokenServiceClient())
{
AWSCredentials credentials = sts.GetSessionToken().Credentials;
var originalEC2Signature = AWSConfigs.EC2Config.UseSignatureVersion4;
var originalS3Signature = AWSConfigs.S3Config.UseSignatureVersion4;
AWSConfigs.EC2Config.UseSignatureVersion4 = true;
AWSConfigs.S3Config.UseSignatureVersion4 = true;
try
{
using (var ec2 = new Amazon.EC2.AmazonEC2Client(credentials))
{
var regions = ec2.DescribeRegions().Regions;
Console.WriteLine(regions.Count);
}
using (var s3 = new Amazon.S3.AmazonS3Client(credentials))
{
var buckets = s3.ListBuckets().Buckets;
Console.WriteLine(buckets.Count);
}
using (var swf = new Amazon.SimpleWorkflow.AmazonSimpleWorkflowClient(credentials))
{
var domains = swf.ListDomains(new Amazon.SimpleWorkflow.Model.ListDomainsRequest { RegistrationStatus = "REGISTERED" }).DomainInfos;
Console.WriteLine(domains.Infos.Count);
}
using (var swf = new Amazon.SimpleWorkflow.AmazonSimpleWorkflowClient(credentials, new Amazon.SimpleWorkflow.AmazonSimpleWorkflowConfig { SignatureVersion = "4" }))
{
var domains = swf.ListDomains(new Amazon.SimpleWorkflow.Model.ListDomainsRequest { RegistrationStatus = "REGISTERED" }).DomainInfos;
Console.WriteLine(domains.Infos.Count);
}
}
finally
{
AWSConfigs.EC2Config.UseSignatureVersion4 = originalEC2Signature;
AWSConfigs.S3Config.UseSignatureVersion4 = originalS3Signature;
}
}
}
// Creates a VPC
private VPC CreateVPC()
{
var region = VPCRegion.FindValue(AWSConfigs.RegionEndpoint.SystemName);
using (var ec2 = new Amazon.EC2.AmazonEC2Client())
{
var ec2Vpc = ec2.CreateVpc(new Amazon.EC2.Model.CreateVpcRequest
{
CidrBlock = "10.0.0.0/16",
InstanceTenancy = Amazon.EC2.Tenancy.Default
}).Vpc;
return(new VPC
{
VPCRegion = region,
VPCId = ec2Vpc.VpcId
});
}
}
public void Dispose()
{
_client = null;
}
public DataTable GetVPCs(String aprofile, string Region2Scan)
{
string accountid = GetAccountID(aprofile);
DataTable ToReturn = AWSTables.GetVPCDetailsTable();
Amazon.Runtime.AWSCredentials credential;
RegionEndpoint Endpoint2scan = RegionEndpoint.USEast1;
//Convert the Region2Scan to an AWS Endpoint.
foreach (var aregion in RegionEndpoint.EnumerableAllRegions)
{
if (aregion.DisplayName.Equals(Region2Scan))
{
Endpoint2scan = aregion;
continue;
}
}
try
{
credential = new Amazon.Runtime.StoredProfileAWSCredentials(aprofile);
var ec2 = new Amazon.EC2.AmazonEC2Client(credential, Endpoint2scan);
var vippies = ec2.DescribeVpcs().Vpcs;
foreach (var avpc in vippies)
{
DataRow thisvpc = ToReturn.NewRow();
thisvpc["AccountID"] = accountid;
thisvpc["Profile"] = aprofile;
thisvpc["Region"] = Region2Scan;
thisvpc["VpcID"] = avpc.VpcId;
thisvpc["CidrBlock"] = avpc.CidrBlock;
thisvpc["IsDefault"] = avpc.IsDefault.ToString();
thisvpc["DHCPOptionsID"] = avpc.DhcpOptionsId;
thisvpc["InstanceTenancy"] = avpc.InstanceTenancy;
thisvpc["State"] = avpc.State;
var tagger = avpc.Tags;
List<string> tlist = new List<string>();
foreach (var atag in tagger)
{
tlist.Add(atag.Key + ": " + atag.Value);
}
thisvpc["Tags"] = List2String(tlist);
ToReturn.Rows.Add(thisvpc);
}
}//End of the big Try
catch (Exception ex)
{
WriteToEventLog("VPC scan of " + aprofile + " failed:" + ex.Message.ToString(), EventLogEntryType.Error);
}
return ToReturn;
}
/// <summary>
/// Gets the data for EC2 Instances in a given Profile and Region.
/// </summary>
/// <param name="aprofile"></param>
/// <param name="Region2Scan"></param>
/// <returns></returns>
public DataTable GetEC2Instances(string aprofile, string Region2Scan)
{
DataTable ToReturn = AWSTables.GetComponentTable("EC2");
RegionEndpoint Endpoint2scan = RegionEndpoint.USEast1;
Amazon.Runtime.AWSCredentials credential;
credential = new Amazon.Runtime.StoredProfileAWSCredentials(aprofile);
//Convert the Region2Scan to an AWS Endpoint.
foreach (var aregion in RegionEndpoint.EnumerableAllRegions)
{
if (aregion.DisplayName.Equals(Region2Scan))
{
Endpoint2scan = aregion;
continue;
}
}
var ec2 = new Amazon.EC2.AmazonEC2Client(credential, Endpoint2scan);
string accountid = GetAccountID(aprofile);
var request = new DescribeInstanceStatusRequest();
request.IncludeAllInstances = true;
DescribeInstanceStatusResponse instatresponse = new DescribeInstanceStatusResponse();
var indatarequest = new DescribeInstancesRequest();
try
{
instatresponse = ec2.DescribeInstanceStatus(request);
}
catch (Exception ex)
{
string test = "";//Quepaso?
}
//Get a list of the InstanceIDs.
foreach (var instat in instatresponse.InstanceStatuses)
{
indatarequest.InstanceIds.Add(instat.InstanceId);
indatarequest.InstanceIds.Sort();
}
DescribeInstancesResponse DescResult = ec2.DescribeInstances();
int count = instatresponse.InstanceStatuses.Count();
//Build data dictionary of instances
Dictionary<String, Instance> Bunchadata = new Dictionary<string, Instance>();
foreach (var urtburgle in DescResult.Reservations)
{
foreach (var instancedata in urtburgle.Instances)
{
try { Bunchadata.Add(instancedata.InstanceId, instancedata); }
catch (Exception ex) {
var ff ="";//a duplicate??
};
}
}
//Go through list of instances...
foreach (var instat in instatresponse.InstanceStatuses)
{
string instanceid = instat.InstanceId;
Instance thisinstance = new Instance();
try
{
thisinstance = Bunchadata[instanceid];
}
catch(Exception ex)
{
continue;
}
DataRow thisinstancedatarow = ToReturn.NewRow();
//Collect the datases
string instancename = "";
var status = instat.Status.Status;
string AZ = instat.AvailabilityZone;
var istate = instat.InstanceState.Name;
string profile = aprofile;
string myregion = Region2Scan;
int eventnumber = instat.Events.Count();
List<string> eventlist = new List<string>();
var reservations = DescResult.Reservations;
var myinstance = new Reservation();
var atreq = new DescribeInstanceAttributeRequest();
atreq.InstanceId = instanceid;
atreq.Attribute = "disableApiTermination";
var atresp = ec2.DescribeInstanceAttribute(atreq).InstanceAttribute;
string TerminationProtection = atresp.DisableApiTermination.ToString();
List<String> innies = new List<String>();
foreach (Reservation arez in DescResult.Reservations)
{
var checky = arez.Instances[0].InstanceId;
innies.Add(checky);
if (arez.Instances[0].InstanceId.Equals(instanceid))
{
myinstance = arez;
}
}
innies.Sort();
List<string> tags = new List<string>();
var loadtags = thisinstance.Tags.AsEnumerable();
foreach (var atag in loadtags)
{
tags.Add(atag.Key + ": " + atag.Value);
if (atag.Key.Equals("Name")) instancename = atag.Value;
}
Dictionary<string, string> taglist = new Dictionary<string, string>();
foreach (var rekey in loadtags)
{
taglist.Add(rekey.Key, rekey.Value);
}
if (eventnumber > 0)
{
foreach (var anevent in instat.Events)
{
eventlist.Add(anevent.Description);
}
}
String platform = "";
try { platform = thisinstance.Platform.Value; }
catch { platform = "Linux"; }
if (String.IsNullOrEmpty(platform)) platform = "Linux";
String Priv_IP = "";
try { Priv_IP = thisinstance.PrivateIpAddress; }
catch { }
if (String.IsNullOrEmpty(Priv_IP))
{
Priv_IP = "?";
}
String disinstance = thisinstance.InstanceId;
String publicIP = "";
try { publicIP = thisinstance.PublicIpAddress; }
catch { }
if (String.IsNullOrEmpty(publicIP)) publicIP = "";
String publicDNS = "";
try { publicDNS = thisinstance.PublicDnsName; }
catch { }
if (String.IsNullOrEmpty(publicDNS)) publicDNS = "";
string myvpcid = "";
try
{ myvpcid = thisinstance.VpcId; }
catch { }
if (String.IsNullOrEmpty(myvpcid)) myvpcid = "";
string mysubnetid = "";
try { mysubnetid = thisinstance.SubnetId; }
catch { }
if (String.IsNullOrEmpty(mysubnetid)) mysubnetid = "";
//Virtualization type (HVM, Paravirtual)
string ivirtType = "";
try
{ ivirtType = thisinstance.VirtualizationType; }
catch { }
if (String.IsNullOrEmpty(ivirtType)) ivirtType = "?";
// InstanceType (m3/Large etc)
String instancetype = "";
try
{ instancetype = thisinstance.InstanceType.Value; }
catch { }
if (String.IsNullOrEmpty(instancetype)) instancetype = "?";
//Test section to try to pull out AMI data
string AMI = "";
string AMIName = "";
string AMIDesc = "";
string AMILocation = "";
string AMIState = "";
try { AMI = thisinstance.ImageId; }
catch { }
if (string.IsNullOrEmpty(AMI)) AMI = "";
else
{
DescribeImagesRequest DIR = new DescribeImagesRequest();
DIR.ImageIds.Add(AMI);
var imresp = ec2.DescribeImages(DIR);
var idata = imresp.Images;
try {
if (idata.Count > 0)
{
AMIDesc = idata[0].Description;
AMIName = idata[0].Name;
AMILocation = idata[0].ImageLocation;
AMIState = idata[0].State;
}
else
{
AMIDesc = "na";
AMIName = "na";
AMILocation = "na";
AMIState = "na";
}
if (String.IsNullOrEmpty(AMIDesc)) { AMIDesc = ""; }
if (String.IsNullOrEmpty(AMIName)) { AMIName = ""; }
}
catch(Exception ex)
{
string whyforerror = ex.Message;
}
}
//
var SGs = thisinstance.SecurityGroups;
List<string> SGids = new List<string>();
List<String> SGNames = new List<string>();
foreach (var wabbit in SGs)
{
SGids.Add(wabbit.GroupId);
SGNames.Add(wabbit.GroupName);
}
//Add to table
if (SGids.Count < 1) SGids.Add("NullOrEmpty");
if (SGNames.Count < 1) SGNames.Add("");
if (String.IsNullOrEmpty(SGids[0])) SGids[0] = "NullOrEmpty";
if (String.IsNullOrEmpty(SGNames[0])) SGNames[0] = "";
if (String.IsNullOrEmpty(instancename)) instancename = "";
//EC2DetailsTable.Rows.Add(accountid, profile, myregion, instancename, instanceid, AMI, AMIDesc, AZ, platform, status, eventnumber, eventlist, tags, Priv_IP, publicIP, publicDNS, istate, ivirtType, instancetype, sglist);
//Is list for Profile and Region, so can key off of InstanceID. In theory InstanceID is unique
//Build our dictionary of values and keys for this instance This is dependent on the table created by GetEC2DetailsTable()
Dictionary<string, string> datafields = new Dictionary<string, string>();
thisinstancedatarow["AccountID"] = accountid;
thisinstancedatarow["Profile"] = profile;
thisinstancedatarow["Region"] = myregion;
thisinstancedatarow["InstanceName"] = instancename;
thisinstancedatarow["InstanceID"] = instanceid;
thisinstancedatarow["TerminationProtection"] = TerminationProtection;
thisinstancedatarow["AMI"] = AMI;
thisinstancedatarow["AMIState"] = AMIState;
thisinstancedatarow["AMILocation"] = AMILocation;
thisinstancedatarow["AMIDescription"] = AMIDesc;
thisinstancedatarow["AvailabilityZone"] = AZ;
thisinstancedatarow["Status"] = status;
thisinstancedatarow["Events"] = eventnumber.ToString();
thisinstancedatarow["EventList"] = List2String(eventlist);
thisinstancedatarow["Tags"] = List2String(tags);
thisinstancedatarow["PrivateIP"] = Priv_IP;
thisinstancedatarow["PublicIP"] = publicIP;
thisinstancedatarow["PublicDNS"] = publicDNS;
thisinstancedatarow["PublicDNS"] = publicDNS;
thisinstancedatarow["VPC"] = myvpcid;
thisinstancedatarow["SubnetID"] = mysubnetid;
thisinstancedatarow["InstanceState"] = istate.Value;
thisinstancedatarow["VirtualizationType"] = ivirtType;
thisinstancedatarow["InstanceType"] = instancetype;
thisinstancedatarow["SecurityGroups"] = List2String(SGids);
thisinstancedatarow["SGNames"] = List2String(SGNames);
//Add this instance to the data returned.
ToReturn.Rows.Add(thisinstancedatarow);
}//End for of instances
return ToReturn;
}//EndGetEC2
public DataTable GetSubnets(string aprofile, string Region2Scan)
{
string accountid = GetAccountID(aprofile);
RegionEndpoint Endpoint2scan = RegionEndpoint.USEast1;
//Convert the Region2Scan to an AWS Endpoint.
foreach (var aregion in RegionEndpoint.EnumerableAllRegions)
{
if (aregion.DisplayName.Equals(Region2Scan))
{
Endpoint2scan = aregion;
continue;
}
}
Amazon.Runtime.AWSCredentials credential;
DataTable ToReturn = AWSTables.GetComponentTable("Subnets");
try
{
credential = new Amazon.Runtime.StoredProfileAWSCredentials(aprofile);
var ec2 = new Amazon.EC2.AmazonEC2Client(credential, Endpoint2scan);
var subbies = ec2.DescribeSubnets().Subnets;
foreach (var asubnet in subbies)
{
DataRow disone = ToReturn.NewRow();
disone["AccountID"] = accountid;
disone["Profile"] = aprofile;
disone["AvailabilityZone"] = asubnet.AvailabilityZone;
disone["AvailableIPCount"] = asubnet.AvailableIpAddressCount.ToString();
disone["Cidr"] = asubnet.CidrBlock;
//Trickybits. Cidr to IP
//var dater = Network2IpRange(asubnet.CidrBlock);
System.Net.IPNetwork danetwork = System.Net.IPNetwork.Parse(asubnet.CidrBlock);
disone["[Network]"] = danetwork.Network;
disone["[Netmask]"] = danetwork.Netmask;
disone["[Broadcast]"] = danetwork.Broadcast;
disone["[FirstUsable]"] = danetwork.FirstUsable;
disone["[LastUsable]"] = danetwork.LastUsable;
///
disone["DefaultForAZ"] = asubnet.DefaultForAz.ToString();
disone["MapPubIPonLaunch"] = asubnet.MapPublicIpOnLaunch.ToString();
disone["State"] = asubnet.State;
disone["SubnetID"] = asubnet.SubnetId;
var tagger = asubnet.Tags;
List<string> taglist = new List<string>();
foreach (var atag in tagger)
{
taglist.Add(atag.Key + ": " + atag.Value);
if (atag.Key.Equals("Name")) disone["SubnetName"] = atag.Value;
}
disone["Tags"] = List2String(taglist);
disone["VpcID"] = asubnet.VpcId;
ToReturn.Rows.Add(disone);
}
}
catch (Exception ex)
{
string rabbit = "";
}
return ToReturn;
}
public DataTable GetEBSDetails(string aprofile, string Region2Scan)
{
DataTable ToReturn = AWSTables.GetEBSDetailsTable();
string accountid = GetAccountID(aprofile);
RegionEndpoint Endpoint2scan = RegionEndpoint.USEast1;
//Convert the Region2Scan to an AWS Endpoint.
foreach (var aregion in RegionEndpoint.EnumerableAllRegions)
{
if (aregion.DisplayName.Equals(Region2Scan))
{
Endpoint2scan = aregion;
continue;
}
}
Amazon.Runtime.AWSCredentials credential;
try
{
credential = new Amazon.Runtime.StoredProfileAWSCredentials(aprofile);
var ec2 = new Amazon.EC2.AmazonEC2Client(credential, Endpoint2scan);
// Describe volumes has a max limit, so we have to make sure we collect all the data we need.
DescribeVolumesRequest requesty = new DescribeVolumesRequest();
requesty.MaxResults = 1000;
var volres = ec2.DescribeVolumes();
var volyumes = volres.Volumes;
List<Volume> vollist = new List<Volume>();
while (volres.NextToken != null)
{
foreach (var av in volyumes)
{
try { vollist.Add(av); }
catch (Exception ex)
{
WriteToEventLog("EBS on " + aprofile + "/" + Region2Scan + " failed:\n" + ex.Message,EventLogEntryType.Error);
}
}
requesty.NextToken = volres.NextToken;
volres = ec2.DescribeVolumes(requesty);
}
foreach (var av in volyumes) vollist.Add(av);
foreach (var onevol in vollist)
{
var arow = ToReturn.NewRow();
arow["AccountID"] = accountid;
arow["Profile"] = aprofile;
arow["Region"] = Region2Scan;
arow["AZ"] = onevol.AvailabilityZone;
arow["CreateTime"] = onevol.CreateTime.ToString();
arow["Encrypted"] = onevol.Encrypted.ToString();
arow["IOPS"] = onevol.Iops;
arow["KMSKeyID"] = onevol.KmsKeyId;
arow["Size-G"] = onevol.Size;
arow["SnapshotID"] = onevol.SnapshotId;
arow["State"] = onevol.State.Value;
arow["VolumeID"] = onevol.VolumeId;
arow["VolumeType"] = onevol.VolumeType.Value;
//********** Some extra handling required**************///
List<string> taglist = new List<string>();
foreach (var atag in onevol.Tags)
{
taglist.Add(atag.Key + ": " + atag.Value);
}
arow["Tags"] = List2String(taglist);
var atachs = onevol.Attachments;
arow["Attachments"] = onevol.Attachments.Count.ToString();
if (onevol.Attachments.Count > 0)
{
arow["AttachTime"] = atachs[0].AttachTime;
arow["DeleteonTerm"] = atachs[0].DeleteOnTermination;
arow["Device"] = atachs[0].Device;
arow["InstanceID"] = atachs[0].InstanceId;
arow["AttachState"] = atachs[0].State;
}
ToReturn.Rows.Add(arow);
}
}
catch (Exception ex)
{
WriteToEventLog("EBS on " + aprofile + " failed:\n" + ex.Message, EventLogEntryType.Error);
}
return ToReturn;
}
public async Task <IEnumerable <Ec2InstanceImage> > GetDeprecatedInstanceIds(Amazon.RegionEndpoint currentRegion)
{
Amazon.EC2.AmazonEC2Client ec2Client = new Amazon.EC2.AmazonEC2Client(AwsSdkVending.AccessKeyId, AwsSdkVending.SecretKey, currentRegion);
string NextToken = null;
List <Ec2InstanceImage> lstInstances = new List <Ec2InstanceImage>();
List <string> lstImageIds = new List <string>();
List <Image> lstAffectedImages = new List <Image>();
do
{
var describeRequest = new DescribeInstancesRequest();
describeRequest.Filters = new List <Filter>();
describeRequest.Filters.Add(new Filter("platform", new List <string> {
"windows"
}));
describeRequest.Filters.Add(new Filter("instance-state-name", new List <string> {
"pending", "running", "shutting-down", "stopping", "stopped"
}));
describeRequest.NextToken = NextToken;
var describeInstancesResult = await ec2Client.DescribeInstancesAsync(describeRequest);
NextToken = describeRequest.NextToken;
foreach (var instance in describeInstancesResult.Reservations.SelectMany(r => r.Instances))
{
if (!lstImageIds.Contains(instance.ImageId))
{
lstImageIds.Add(instance.ImageId);
}
}
} while (NextToken != null);
if (lstImageIds.Count > 0)
{
var describeImagesRequest = new DescribeImagesRequest {
ImageIds = lstImageIds
};
describeImagesRequest.Filters = new List <Filter>();
describeImagesRequest.Filters.Add(new Filter {
Name = "is-public", Values = new List <string> {
"true"
}
});
var describeImagesResult = await ec2Client.DescribeImagesAsync(describeImagesRequest);
foreach (var currentImage in describeImagesResult.Images)
{
if (string.IsNullOrEmpty(currentImage.Description))
{
continue;
}
if (DeprecatedDescriptions.Any(d => Regex.IsMatch(currentImage.Description, d, RegexOptions.IgnoreCase)))
{
lstAffectedImages.Add(currentImage);
Console.WriteLine($"{currentImage.ImageId} - {currentImage.Description} is facing deprecation");
}
}
Console.WriteLine($"{lstAffectedImages.Count} images are marked for deprecation in {currentRegion.DisplayName}");
}
if (lstAffectedImages.Count > 0)
{
foreach (var image in lstAffectedImages)
{
do
{
var describeInstancesRequest = new DescribeInstancesRequest();
describeInstancesRequest.Filters = new List <Filter>();
describeInstancesRequest.Filters.Add(new Filter("image-id", new List <string> {
image.ImageId
}));
describeInstancesRequest.Filters.Add(new Filter("instance-state-name", new List <string> {
"pending", "running", "shutting-down", "stopping", "stopped"
}));
describeInstancesRequest.NextToken = NextToken;
var describeInstancesResult = await ec2Client.DescribeInstancesAsync(describeInstancesRequest);
NextToken = describeInstancesRequest.NextToken;
foreach (var instance in describeInstancesResult.Reservations.SelectMany(r => r.Instances))
{
lstInstances.Add(new Ec2InstanceImage
{
Region = currentRegion.DisplayName,
ImageDescription = image.Description,
ImageId = image.ImageId,
ImageName = image.Name,
InstanceId = instance.InstanceId
});
Console.WriteLine($"Instance {instance.InstanceId} in {currentRegion.DisplayName} ({image.Name}) is marked for deprecation and needs to be snapshotted.");
}
} while (NextToken != null);
}
}
return(lstInstances);
}
static void Main(string[] args)
{
Amazon.EC2.AmazonEC2Client ec2 = new Amazon.EC2.AmazonEC2Client(RegionEndpoint.APSoutheast2);
var securityGroups = ec2.DescribeSecurityGroupsAsync().Result.SecurityGroups;
foreach (var securityGroup in securityGroups)
{
var dict = securityGroup.IpPermissions.ToList();
var newDict = dict.ToList();
foreach (var rule in dict)
{
if (rule.Ipv4Ranges != null)
{
foreach (var ipv4rule in rule.Ipv4Ranges.ToList())
{
var rulesRegex = new Regex(@"\[(?:\[[^\[\]]*\]|[^\[\]])*\]", RegexOptions.None);
if (ipv4rule.Description == null)
{
continue;
}
var m = rulesRegex.Matches(ipv4rule.Description).ToList();
if (m == null)
{
continue;
}
foreach (Group g in m)
{
var extension = g.Value.Split(new[] { '[', ']' }, StringSplitOptions.RemoveEmptyEntries).ToDictionary(s => s.Split('=')[0], s => s.Split('=')[1]).FirstOrDefault();
if (extension.Key == "fqdn")
{
//get ip from DNS
var newIP = Dns.GetHostEntry(extension.Value).AddressList.FirstOrDefault().ToString() + "/32";
if (ipv4rule.CidrIp == newIP)
{
Console.WriteLine("Didn't update security group. Cidr Still matches");
}
else
{
IpPermission oldPermission = new IpPermission
{
FromPort = rule.FromPort,
IpProtocol = rule.IpProtocol,
ToPort = rule.ToPort
};
oldPermission.Ipv4Ranges.Add(ipv4rule);
var oldlistofpermissions = new List <IpPermission>();
oldlistofpermissions.Add(oldPermission);
//revoke that one rule.
ec2.RevokeSecurityGroupIngressAsync(new Amazon.EC2.Model.RevokeSecurityGroupIngressRequest {
GroupId = securityGroup.GroupId, IpPermissions = oldlistofpermissions
}).Wait();
//add the new one.
IpPermission newPermission = new IpPermission
{
FromPort = rule.FromPort,
IpProtocol = rule.IpProtocol,
ToPort = rule.ToPort
};
var newiprange = new IpRange();
newiprange.CidrIp = newIP;
newiprange.Description = ipv4rule.Description;
newPermission.Ipv4Ranges.Add(newiprange);
var newlistofpermissions = new List <IpPermission>();
newlistofpermissions.Add(newPermission);
//ipv4rule.CidrIp = Dns.GetHostEntry(extension.Value).AddressList.FirstOrDefault().ToString() + "/32";
ec2.AuthorizeSecurityGroupIngressAsync(new Amazon.EC2.Model.AuthorizeSecurityGroupIngressRequest {
GroupId = securityGroup.GroupId, IpPermissions = newlistofpermissions
}).Wait();
}
}
if (extension.Key == "expiry")
{
var isDate = DateTime.TryParse(extension.Value, out DateTime expiry);
if (!isDate)
{
var chronic = new Chronic.Parser();
expiry = chronic.Parse(extension.Value, new Chronic.Options {
EndianPrecedence = Chronic.EndianPrecedence.Little
}).ToTime();
ipv4rule.Description = ipv4rule.Description.Replace(g.Value, $"[expiry={expiry.ToString("yyyy-MM-dd HH:mm")}]");
IpPermission newPermission = new IpPermission
{
FromPort = rule.FromPort,
IpProtocol = rule.IpProtocol,
ToPort = rule.ToPort
};
var newiprange = new IpRange();
newiprange.Description = ipv4rule.Description;
newiprange.CidrIp = ipv4rule.CidrIp;
newPermission.Ipv4Ranges.Add(newiprange);
var newlistofpermissions = new List <IpPermission>();
newlistofpermissions.Add(newPermission);
ec2.UpdateSecurityGroupRuleDescriptionsIngressAsync(new Amazon.EC2.Model.UpdateSecurityGroupRuleDescriptionsIngressRequest {
GroupId = securityGroup.GroupId, IpPermissions = newlistofpermissions
}).Wait();
//ec2.RevokeSecurityGroupIngressAsync(new Amazon.EC2.Model.RevokeSecurityGroupIngressRequest { GroupId = securityGroup.GroupId, IpPermissions = listofpermissions }).Wait();
}
else
{
if (expiry < DateTime.Now)
{
IpPermission permission = new IpPermission
{
FromPort = rule.FromPort,
IpProtocol = rule.IpProtocol,
ToPort = rule.ToPort
};
permission.Ipv4Ranges.Add(ipv4rule);
var listofpermissions = new List <IpPermission>();
listofpermissions.Add(permission);
ec2.RevokeSecurityGroupIngressAsync(new Amazon.EC2.Model.RevokeSecurityGroupIngressRequest {
GroupId = securityGroup.GroupId, IpPermissions = listofpermissions
}).Wait();
//newDict.Where(x => x == rule).Where(y => y.Ipv4Ranges == rule.Ipv4Ranges).First().Ipv4Ranges.Add()
}
}
}
}
}
}
}
}
}
public DataTable GetSnapshotDetails(string aprofile, string Region2Scan)
{
DataTable ToReturn = AWSTables.GetSnapshotDetailsTable();
string accountid = GetAccountID(aprofile);
RegionEndpoint Endpoint2scan = RegionEndpoint.USEast1;
//Convert the Region2Scan to an AWS Endpoint.
foreach (var aregion in RegionEndpoint.EnumerableAllRegions)
{
if (aregion.DisplayName.Equals(Region2Scan))
{
Endpoint2scan = aregion;
continue;
}
}
Amazon.Runtime.AWSCredentials credential;
try
{
credential = new Amazon.Runtime.StoredProfileAWSCredentials(aprofile);
var ec2 = new Amazon.EC2.AmazonEC2Client(credential, Endpoint2scan);
// Describe snapshots has a max limit, so we have to make sure we collect all the data we need.
DescribeSnapshotsRequest requesty = new DescribeSnapshotsRequest();
requesty.MaxResults = 1000;
//Ouch! It lists all snaps we have access to. We only want ones we own and pay for..
//And it doesnt seem to return the ones we own. WTF????
requesty.OwnerIds.Add("self");
var snapres = ec2.DescribeSnapshots(requesty);
var snappies = snapres.Snapshots;
int nummie = snappies.Count;
Dictionary<string, Snapshot> snaplist = new Dictionary<string, Snapshot>();
while (snapres.NextToken != null)
{
foreach (var av in snappies)
{
try
{
if (!snaplist.Keys.Contains(av.SnapshotId)) snaplist.Add(av.SnapshotId, av);
else
{
var goob = snaplist[av.SnapshotId];
if (goob.Equals(av))
{
string itsadupe = "Yar";
}
}//Eliminate dupes
}
catch (Exception ex)
{
WriteToEventLog("Snapshots on " + aprofile + "/" + Region2Scan + " failed:\n" + ex.Message, EventLogEntryType.Error);
}
}
requesty.NextToken = snapres.NextToken;
snapres = ec2.DescribeSnapshots(requesty);
}
foreach (var av in snappies)
{
if (!snaplist.Keys.Contains(av.SnapshotId)) snaplist.Add(av.SnapshotId, av);
else
{
var goob = snaplist[av.SnapshotId];
if (goob.Equals(av))
{
string itsadupe = "Yar";
}
}//Eliminate dupes.
}
foreach (var onesnap in snaplist.Values)
{
var arow = ToReturn.NewRow();
if (!accountid.Equals(onesnap.OwnerId)) continue;
arow["AccountID"] = accountid;
var rr = onesnap.GetType();
arow["Profile"] = aprofile;
arow["Region"] = Region2Scan;
arow["SnapshotID"] = onesnap.SnapshotId;
arow["Description"] = onesnap.Description;
arow["VolumeID"] = onesnap.VolumeId;
arow["VolumeSize-GB"] = onesnap.VolumeSize;
arow["Encrypted"] = onesnap.Encrypted.ToString();
arow["KMSKeyID"] = onesnap.KmsKeyId;
arow["OwnerAlias"] = onesnap.OwnerAlias;
arow["OwnerID"] = onesnap.OwnerId;
arow["Progress"] = onesnap.Progress;
arow["StartTime"] = onesnap.StartTime.ToString();
arow["State"] = onesnap.State.Value;
arow["StateMessage"] = onesnap.StateMessage;
var DKI = onesnap.DataEncryptionKeyId;
if (String.IsNullOrEmpty(DKI)) { }
else
{
arow["DataEncryptionKeyID"] = onesnap.DataEncryptionKeyId.ToString();
}
//********** Some extra handling required**************///
List<string> taglist = new List<string>();
foreach (var atag in onesnap.Tags)
{
taglist.Add(atag.Key + ": " + atag.Value);
}
arow["Tags"] = List2String(taglist);
ToReturn.Rows.Add(arow);
}
}
catch (Exception ex)
{
WriteToEventLog("Snapshots on " + aprofile + " failed:\n" + ex.Message, EventLogEntryType.Error);
}
return ToReturn;
}
